Jump to content

Hack on product and category sheets


Recommended Posts

Hello,


A javascript code has been added to the description of products, categories and cms pages (see attachment). This makes it impossible to edit a file. Prestashop version is 1.7.5.0.


We've applied the Eolia patch, updated all modules, removed the javascript code from the database, changed all admin and even server accesses. What's more, Prestashop's "Information" tool says: "No changes have been detected on your files."


However, a few days later, we notice that the code has been injected again. 

Before updating Prestashop and the theme (which we want to do as a last resort and being certain that it will remove the problem), are there any identical hack cases that have been solved?

Sincerely

 

ppppp.jpg

Edited by OSFormation (see edit history)
Link to comment
Share on other sites

Hi,

Try to find where the hole is. For that I recommend this procedure:

  • Restore a clean backup (files and database)
  • Rename your backoffice folder
  • Change password of superadmin account
  • disable all other employees accounts
  • verify smarty vulnerability is patched or apply it
  • Install a free script that alert you on any file change
  • If you receive an alert extract all POST request from your log file to determine where the hole is
  • Try to fix it or alert Prestashop if it's a core issue
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...